Documente Academic
Documente Profesional
Documente Cultură
11 MAC Layer
4.4.1
4.4.2
4.4.3
4.4.4
Introduction
Medium Access Control
MAC Management
Extensions
Power management
Periodic sleep without missing a message by negotiated sleep
periods and buffering frames during such periods
Implemented, but rarely used
Association/Reassociation
integration into a LAN
roaming, i.e. change networks by changing access points
scanning, i.e. active search for a network
Synchronisation
Each station has an internal clock;
802.11 specifies Timing Synchronisation Function (TSF) to
synchronise all these clocks
Exact synchronised clocks are important for
Power saving, PCF coordination, synchronisation of frequency
hopping of FHSS
Synchronization (infrastructure)
beacon interval
access
point
medium
B
busy
busy
busy
B
busy
t
beacon frame
-5-
-6-
MAC Services
802.11 requires provisioning of 9 services:
Distribution Services
Station Services
Authentication: with AP
De-Authentication: from AP
-7-
-8-
IEEE802.11e: EDCA
Enhanced Distributed Channel Access
Extends DCF of legacy 802.11
Up to 8 queues / traffic classes (TC) for different
application types, each with individual backoff
Transmission parameters configurable for each TC:
CWmin, CWmax, arbitrary IFS (AIFS) with configurable
duration, min. duration = DIFS duration
Virtual collisions (inside the station's protocol stack)
If two queues decide to send packet at same time
queue with higher priority sends first
queue with lower priority retransmits, but CW is not
increased, because no physical collision
-9-
IEEE802.11e: HCCA
Hybrid Coordination Function Controlled Channel Access
Extends PCF of legacy 802.11
Up to 8 queues / traffic classes (TC) for different
application types
Channel access determined by scheduler
Determines order of data packets (downlink) and polling packets
(uplink)
Algorithm out of the scope of standard, vendor-specific
- 10 -
BACK
AP
Station 1
DIFS
AD1
DIFS
SIFS
AD2
SIFS
BACK
Station 2
AD
BACK
Contention
Block Acknowledgement
- 11 -
Subframe 1
Subframe 2
...
Subframe n
Reserved
length
CRC
Delimiter
MAC Frame
Pad
12
variable
0-3
bits
- 12 -
AP
AP
wired network
AP
- 13 -
MG
MG
Mesh BSS
Mesh BSS
W. Conner et al.: IEEE 802.11s Tutorial, IEEE 802 Plenary, November 2006
- 15 -
WEP
WPA, EAP, 802.1X
WAP2/802.11i
WPS
other security layers
Objectives of Security
Authorisation
Only authorised terminals can access BSS
Terminal is accessing authorised AP and not rogue AP
Certificates or passwords for authorisation
Privacy/Encryption
Generally anyone can listen to wireless channel with appropriate
tools
Authentication
Authenticate the originator or the message
Integrity
Data manipulation, can be prevented by encryption and checksums
- 17 -
Security a problem?
Sender, Receiver and Intruder (Alice, Bob and Trudy)
Data
Data
Secure
Sender
Channel
Packet sniffing
IP spoofing
Denial-of-service attack
Kurose/Ross
- 18 -
http://www.pulsewan.com/data101/802_11_b_basics.htm
- 19 -
40/104 Bit
Data
PRNG sequence
WEP key
Data+CRC
Current IV
Data+CRC (encrypted)
AP
identity assertion
Encrypted using
shared WEP
key
identity assertion/
challenge text
128-bit
one-time
nonce
encrypted text
success/failure
- 21 -
Decrypted
using shared
WEP key
TZI FB 1 Communication Networks
Andreas Knsgen Summer Term 2014
WEP weaknesses
All users share the same key
Keys are not regularly changed, but stay constant
until changed by the user
IV is recommended to be changed with every
packets, but many manufacturers do not do it
IV too short
Known attacks since several years
AP does not have to authenticate against client
wild APs can attack client
- 22 -
Design Objectives:
no new chip design
backwards compatible to old hardware
Therefore
No fixed WEP key, but dynamic assignment of keys
for each connection set-up and during ongoing connections
User-specific keys
marketed as WPA
- 23 -
- 24 -
WLAN login
EAP/802.1x negotiation
Announce Master Secret
Key
time
logoff
- 25 -
Signalling in WPA
For Broadcast packets encryption needs to be supported by all
clients of BSS
If mixed WEP/WPA clients are allowed, the weaker WEP encryption
has to be used for broadcasts
- 26 -
- 27 -
Michael key
Data
added to each
packet before
encryption
keykey
TKIP
Data + Michael
prevents attacker
to falsify packets
If > 2 Michael
errors per minute
Abort
communication
renegotiate keys
after 1 min.
A. Arnold, Jenseits von
WEP, Heise, ct 21/2004,
p. 214ff
A. Arnold, Jenseits
von WEP, Heise, ct
21/2004, p. 214ff
802.11i/WPA2: AES-CCM
- 31 -
- 32 -
VPN
Server
Using a VPN (e.g., IPsec, OpenVPN) above the WLAN provides the
security present in the environment of the VPN server